package com.parking.mgr.useraccount.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @ClassName SpringSecurityConfig
 * @Description SpringSecurity配置
 * @Auther: zhijianpu
 * @Date: 2023/5/19
 */
@Configuration
public class SpringSecurityConfig {

//    @Resource
//    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;


    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // 开启模拟请求，比如 API POST 测试工具的测试，不开启时，API POST为报304错误
        httpSecurity.csrf().disable();
        // 开启跨域访问
        httpSecurity.cors();
        // 不使用默认退出，自定义退出
        httpSecurity.logout().disable();
        // 未认证时访问保护的资源端点
        //httpSecurity.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint);
//        httpSecurity.authorizeHttpRequests(authorize -> authorize
//                // 放开以下接口的权限校验
//                .mvcMatchers(SpringSecurityConstant.NONE_SECURITY_URL_PATTERNS).permitAll()
//                // 其余的都需要访问
//                .anyRequest().authenticated()
//        );

        // 将自定义过滤器（图形验证码校验）添加到 UsernamePasswordAuthenticationFilter 之前
        // httpSecurity.addFilterBefore(imageCodeValidateFilter, UsernamePasswordAuthenticationFilter.class);

        return httpSecurity.build();
    }
}
